CVE-2025-10703

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Vim vulnerabilities (USN-7419-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7419-1 advisory. It was discovered that Vim incorrectly handled memory when using invalid input with t...

CVE-2024-0831

A sensitive information disclosure vulnerability was found in Hashicorp Vault. Enabling an audit device that specifies the lograw option may log sensitive information to oth...

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

The vulnerability of the Ansible configuration management system, related to the incorrect handling of the “no_log” option, allows a perpetrator to gain unauthorized access to sensitive information.

The vulnerability of the Ansible configuration management system is related to the improper handling of the “nolog” option, which is intended to prevent logging of tasks when they fail. This results in confidential data being recorded in event logs and on the user’s terminal. Exploiting this...

The vulnerability of the Ansible configuration management system, related to the disclosure of confidential data in vvv+ mode, allows a perpetrator to gain unauthorized access to information.

The vulnerability of the Ansible configuration management system is related to the disclosure of confidential data in the vvv+ mode with the nolog option disabled. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to information...

PT-2018-2516

Name of the Vulnerable Software and Affected Versions Ansible versions 2.4 through 2.4.4 Ansible versions 2.5 through 2.5.4 Description The issue is related to the incorrect handling of the no log option in Ansible, which is designed to prevent task logging. When a task fails, sensitive data may ...

url-snarf NSE Script

Sniffs an interface for HTTP traffic and dumps any URLs, and their originating IP address. Script output differs from other script as URLs are written to stdout directly. There is also an option to log the results to file. The script can be limited in time by using the timeout argument or run unt...

Cross site scripting

Cross-site scripting XSS vulnerability in Ipswitch WSFTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to creat...